Re: Wicket Authorization
use MetaDataRoleAuthorizationStrategy 2010-04-09 wicketyan 发件人: Janani Sundarrajan 发送时间: 2010-04-09 05:38:24 收件人: users@wicket.apache.org 抄送: 主题: Wicket Authorization Is it possible use a metadata driven component based authorization? Wicket in Action gives an example @AdminOnly private class ModeLink extends Link {.} Then implement isActionAuthorized() of the Authorization Strategy. But I feel that it is not a good solution to create new classes for every role. Is there a metadata driven way to do this? Can I add some metadata to a component and then check based on that in the isActionAuthorized() method of the Authorization Strategy? I am a Wicket newbie, so forgive me if I am missing something very basic. Thanks, ~Janani
Wicket Authorization
Is it possible use a metadata driven component based authorization? Wicket in Action gives an example @AdminOnly private class ModeLink extends Link {.} Then implement isActionAuthorized() of the Authorization Strategy. But I feel that it is not a good solution to create new classes for every role. Is there a metadata driven way to do this? Can I add some metadata to a component and then check based on that in the isActionAuthorized() method of the Authorization Strategy? I am a Wicket newbie, so forgive me if I am missing something very basic. Thanks, ~Janani
RE: Wicket Authorization (Using MetaDataKey)
I will do that. Thank you. -Original Message- From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com] Sent: Wednesday, April 07, 2010 4:55 PM To: users@wicket.apache.org Subject: Re: Wicket Authorization (Using MetaDataKey) well, there are plenty of uses of this in our code, have a look there -igor On Wed, Apr 7, 2010 at 2:51 PM, Janani Sundarrajan wrote: > Doesn't seem to work either! > > -Original Message- > From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com] > Sent: Wednesday, April 07, 2010 4:48 PM > To: users@wicket.apache.org > Subject: Re: Wicket Authorization (Using MetaDataKey) > > public static MetaDataKey priv = new > MetaDataKey(){}; > > -igor > > On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan > wrote: >> Hello, >> >> I am trying to implement a simple authorization strategy for my Wicket >> application. I am implemented my own AuthorizationStrategy (extending >> IAuthorizationStrategy). >> >> http://old.nabble.com/Authorization-strategy-help-td18948597.html After >> reading the above link, I figured it makes more sense to use >> metadata-driven authorization than one using Annotations. >> >> So I have a simple RoleCheck class >> >> public class RoleCheck { >> >> private String privilege; >> >> public RoleCheck(String priv) { this.privilege = priv; } >> >> public void setPrivilege(String privilege) { this.privilege = privilege; > } >> >> public String getPrivilege() { return privilege; } >> >> } >> >> I add it a component public static MetaDataKey priv = new MetaDataKey() >> {}; editLink.setMetaData(priv, new RoleCheck("Update")); >> >> And in my Authorization Strategy class, I try to get the metadata >> associated with the component >> >> public boolean isActionAuthorized(Component component, Action action) { > if >> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck) >> component.getMetaData(EditControlToolBar.priv); if (privCheck != null) { >> ... } } >> >> However the getMetaData gives an error "Bound mismatch: The generic > method >> getMetaData(MetaDataKey) of type Component is not applicable for the >> arguments (MetaDataKey). The inferred type RoleCheck is not a valid >> substitute for the bounded parameter " >> >> Any help would be appreciated. Thank you >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Authorization (Using MetaDataKey)
well, there are plenty of uses of this in our code, have a look there -igor On Wed, Apr 7, 2010 at 2:51 PM, Janani Sundarrajan wrote: > Doesn't seem to work either! > > -Original Message- > From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com] > Sent: Wednesday, April 07, 2010 4:48 PM > To: users@wicket.apache.org > Subject: Re: Wicket Authorization (Using MetaDataKey) > > public static MetaDataKey priv = new > MetaDataKey(){}; > > -igor > > On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan > wrote: >> Hello, >> >> I am trying to implement a simple authorization strategy for my Wicket >> application. I am implemented my own AuthorizationStrategy (extending >> IAuthorizationStrategy). >> >> http://old.nabble.com/Authorization-strategy-help-td18948597.html After >> reading the above link, I figured it makes more sense to use >> metadata-driven authorization than one using Annotations. >> >> So I have a simple RoleCheck class >> >> public class RoleCheck { >> >> private String privilege; >> >> public RoleCheck(String priv) { this.privilege = priv; } >> >> public void setPrivilege(String privilege) { this.privilege = privilege; > } >> >> public String getPrivilege() { return privilege; } >> >> } >> >> I add it a component public static MetaDataKey priv = new MetaDataKey() >> {}; editLink.setMetaData(priv, new RoleCheck("Update")); >> >> And in my Authorization Strategy class, I try to get the metadata >> associated with the component >> >> public boolean isActionAuthorized(Component component, Action action) { > if >> (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck) >> component.getMetaData(EditControlToolBar.priv); if (privCheck != null) { >> ... } } >> >> However the getMetaData gives an error "Bound mismatch: The generic > method >> getMetaData(MetaDataKey) of type Component is not applicable for the >> arguments (MetaDataKey). The inferred type RoleCheck is not a valid >> substitute for the bounded parameter " >> >> Any help would be appreciated. Thank you >> >> - >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
RE: Wicket Authorization (Using MetaDataKey)
Doesn't seem to work either! -Original Message- From: Igor Vaynberg [mailto:igor.vaynb...@gmail.com] Sent: Wednesday, April 07, 2010 4:48 PM To: users@wicket.apache.org Subject: Re: Wicket Authorization (Using MetaDataKey) public static MetaDataKey priv = new MetaDataKey(){}; -igor On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan wrote: > Hello, > > I am trying to implement a simple authorization strategy for my Wicket > application. I am implemented my own AuthorizationStrategy (extending > IAuthorizationStrategy). > > http://old.nabble.com/Authorization-strategy-help-td18948597.html After > reading the above link, I figured it makes more sense to use > metadata-driven authorization than one using Annotations. > > So I have a simple RoleCheck class > > public class RoleCheck { > > private String privilege; > > public RoleCheck(String priv) { this.privilege = priv; } > > public void setPrivilege(String privilege) { this.privilege = privilege; } > > public String getPrivilege() { return privilege; } > > } > > I add it a component public static MetaDataKey priv = new MetaDataKey() > {}; editLink.setMetaData(priv, new RoleCheck("Update")); > > And in my Authorization Strategy class, I try to get the metadata > associated with the component > > public boolean isActionAuthorized(Component component, Action action) { if > (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck) > component.getMetaData(EditControlToolBar.priv); if (privCheck != null) { > ... } } > > However the getMetaData gives an error "Bound mismatch: The generic method > getMetaData(MetaDataKey) of type Component is not applicable for the > arguments (MetaDataKey). The inferred type RoleCheck is not a valid > substitute for the bounded parameter " > > Any help would be appreciated. Thank you > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Wicket Authorization (Using MetaDataKey)
public static MetaDataKey priv = new MetaDataKey(){}; -igor On Wed, Apr 7, 2010 at 2:23 PM, Janani Sundarrajan wrote: > Hello, > > I am trying to implement a simple authorization strategy for my Wicket > application. I am implemented my own AuthorizationStrategy (extending > IAuthorizationStrategy). > > http://old.nabble.com/Authorization-strategy-help-td18948597.html After > reading the above link, I figured it makes more sense to use > metadata-driven authorization than one using Annotations. > > So I have a simple RoleCheck class > > public class RoleCheck { > > private String privilege; > > public RoleCheck(String priv) { this.privilege = priv; } > > public void setPrivilege(String privilege) { this.privilege = privilege; } > > public String getPrivilege() { return privilege; } > > } > > I add it a component public static MetaDataKey priv = new MetaDataKey() > {}; editLink.setMetaData(priv, new RoleCheck("Update")); > > And in my Authorization Strategy class, I try to get the metadata > associated with the component > > public boolean isActionAuthorized(Component component, Action action) { if > (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck) > component.getMetaData(EditControlToolBar.priv); if (privCheck != null) { > ... } } > > However the getMetaData gives an error "Bound mismatch: The generic method > getMetaData(MetaDataKey) of type Component is not applicable for the > arguments (MetaDataKey). The inferred type RoleCheck is not a valid > substitute for the bounded parameter " > > Any help would be appreciated. Thank you > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Wicket Authorization (Using MetaDataKey)
Hello, I am trying to implement a simple authorization strategy for my Wicket application. I am implemented my own AuthorizationStrategy (extending IAuthorizationStrategy). http://old.nabble.com/Authorization-strategy-help-td18948597.html After reading the above link, I figured it makes more sense to use metadata-driven authorization than one using Annotations. So I have a simple RoleCheck class public class RoleCheck { private String privilege; public RoleCheck(String priv) { this.privilege = priv; } public void setPrivilege(String privilege) { this.privilege = privilege; } public String getPrivilege() { return privilege; } } I add it a component public static MetaDataKey priv = new MetaDataKey() {}; editLink.setMetaData(priv, new RoleCheck("Update")); And in my Authorization Strategy class, I try to get the metadata associated with the component public boolean isActionAuthorized(Component component, Action action) { if (action.equals(Component.RENDER)) { RoleCheck privCheck = (RoleCheck) component.getMetaData(EditControlToolBar.priv); if (privCheck != null) { ... } } However the getMetaData gives an error "Bound mismatch: The generic method getMetaData(MetaDataKey) of type Component is not applicable for the arguments (MetaDataKey). The inferred type RoleCheck is not a valid substitute for the bounded parameter " Any help would be appreciated. Thank you - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: !! Wicket Authorization Problem !!
I already discovery what was wrong. Thanks anyway. on the Application Base class the AuthorizationStrategy and UnauthorizedComponentInstantiationListener must be registred like this: @Override protected void init() { NetCasasAuthorizationStrategy authorizationStrategy = new NetCasasAuthorizationStrategy(); getSecuritySettings().setAuthorizationStrategy(authorizationStrategy); getSecuritySettings().setUnauthorizedComponentInstantiationListener(authorizationStrategy); } Once again, thanks -- View this message in context: http://www.nabble.com/%21%21-Wicket-Authorization-Problem-%21%21-tp22318987p22320534.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
!! Wicket Authorization Problem !!
Hello there. I'm having problems developing Authorization on my webapplication. I have followed the steps of the chapter 12 of Wicket in Action. When i try to access to a protected page, the page is renderend instead of redirected to the Login page. Here is my code. I was wondering if anyone knows what am i missing. -->Application Base class public class NetCasasApplication extends WebApplication{ public NetCasasApplication() { addComponentInstantiationListener(new IComponentInstantiationListener() { public void onInstantiation(Component component) { if(!getSecuritySettings().getAuthorizationStrategy().isInstantiationAuthorized(component.getClass())) { getSecuritySettings().getUnauthorizedComponentInstantiationListener().onUnauthorizedInstantiation(component); } } }); } @Override public Class getHomePage() { return Index.class; } @Override public Session newSession(Request request, Response response) { return new NetCasasSession(request); } } --> The Protected page (NetCasas extends WebPage) each page that is suppose to protected extends this class package pt.msoftware.netcasas.wicket.security; import pt.msoftware.netcasas.wicket.NetCasasBasePage; public class ProtectedPage extends NetCasasBasePage { } -->The AuthorizationStrategy public class NetCasasAuthorizationStrategy implements IAuthorizationStrategy, IUnauthorizedComponentInstantiationListener { public boolean isInstantiationAuthorized(Class componentClass) { if(ProtectedPage.class.isAssignableFrom(componentClass)) { return NetCasasSession.get().isAuthenticated(); } return true; } public boolean isActionAuthorized(Component component, Action action) { throw new UnsupportedOperationException("Not supported yet."); } public void onUnauthorizedInstantiation(Component component) { throw new RestartResponseAtInterceptPageException(Login.class); } } On the constructor of the Application Base class (NetCasasApplication) an interceptor is registered. when i try to access a protected page, the method onInstantiation is executed. Inside the call getSecuritySettings().getAuthorizationStrategy() always return a IAuthorizationStrategy, never a NetCasasAuthorizationStrategy. So the method NetCasasAuthorizationStrategy.isInstantiationAuthorized is never executed. So i guess something is missing. Someone knows what? Thanks for the help. Os meus melhores cumprimenstos / Best Regards Marco Santos -- View this message in context: http://www.nabble.com/%21%21-Wicket-Authorization-Problem-%21%21-tp22318987p22318987.html Sent from the Wicket - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org